Article

DKAL: Distributed-Knowledge Authorization Language

Authors:

Yuri Gurevich,

Itay NeemanAuthors Info & Claims

CSF '08: Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium

Pages 149 - 162

https://doi.org/10.1109/CSF.2008.8

Published: 23 June 2008 Publication History

Publisher Site

Abstract

DKAL is a new declarative authorization language for distributed systems. It is based on existential fixed-point logic and is considerably more expressive than existing authorization languages in the literature. Yet its query algorithm is within the same bounds of computational complexity as e.g. that of SecPAL. DKAL's communication is targeted which is beneficial for security and for liability protection. DKAL enables flexible use of functions; in particular principals can quote (to other principals) whatever has been said to them. DKAL strengthens the trust delegation mechanism of SecPAL. A novel information order contributes to succinctness. DKAL introduces a semantic safety condition that guarantees the termination of the query algorithm.

Cited By

View all

Pasarella ELobo JBertino ESandhu RWeippl E(2017)A Datalog Framework for Modeling Relationship-based Access Control PoliciesProceedings of the 22nd ACM on Symposium on Access Control Models and Technologies10.1145/3078861.3078871(91-102)Online publication date: 7-Jun-2017
https://dl.acm.org/doi/10.1145/3078861.3078871
Van Hertum PCramer MBogaerts BDenecker M(2016)Distributed autoepistemic logic and its application to access controlProceedings of the Twenty-Fifth International Joint Conference on Artificial Intelligence10.5555/3060621.3060800(1286-1292)Online publication date: 9-Jul-2016
https://dl.acm.org/doi/10.5555/3060621.3060800
Armando ARanise STraverso RWrona KBertino ESandhu RKrishnan R(2016)SMT-based Enforcement and Analysis of NATO Content-based Protection and Release PoliciesProceedings of the 2016 ACM International Workshop on Attribute Based Access Control10.1145/2875491.2875493(35-46)Online publication date: 11-Mar-2016
https://dl.acm.org/doi/10.1145/2875491.2875493
Show More Cited By

Index Terms

DKAL: Distributed-Knowledge Authorization Language

Recommendations

Logic of infons: The propositional case

Infons are statements viewed as containers of information (rather then representations of truth values). The logic of infons turns out to be a conservative extension of logic known as constructive or intuitionistic. Distributed Knowledge Authorization ...
DKAL and Z3: a logic embedding experiment
Fields of logic and computation

Yuri Gurevich and Itay Neeman proposed the Distributed Knowledge Authorization Language, DKAL, as an expressive, yet very succinct logic for distributed authorization. DKAL uses a combination of modal and intuitionistic propositional logic. Modalities ...
An authorization mechanism for a relational database system

A multiuser database system must selectively permit users to share data, while retaining the ability to restrict data access. There must be a mechanism to provide protection and security, permitting information to be accessed only by properly authorized ...

Comments

Information & Contributors

Information

Published In

CSF '08: Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium

June 2008

318 pages

ISBN:9780769531823

Publisher

IEEE Computer Society

United States

Publication History

Published: 23 June 2008

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

31
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 15 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Pasarella ELobo JBertino ESandhu RWeippl E(2017)A Datalog Framework for Modeling Relationship-based Access Control PoliciesProceedings of the 22nd ACM on Symposium on Access Control Models and Technologies10.1145/3078861.3078871(91-102)Online publication date: 7-Jun-2017
https://dl.acm.org/doi/10.1145/3078861.3078871
Van Hertum PCramer MBogaerts BDenecker M(2016)Distributed autoepistemic logic and its application to access controlProceedings of the Twenty-Fifth International Joint Conference on Artificial Intelligence10.5555/3060621.3060800(1286-1292)Online publication date: 9-Jul-2016
https://dl.acm.org/doi/10.5555/3060621.3060800
Armando ARanise STraverso RWrona KBertino ESandhu RKrishnan R(2016)SMT-based Enforcement and Analysis of NATO Content-based Protection and Release PoliciesProceedings of the 2016 ACM International Workshop on Attribute Based Access Control10.1145/2875491.2875493(35-46)Online publication date: 11-Mar-2016
https://dl.acm.org/doi/10.1145/2875491.2875493
Hallett JAspinall D(2016)AppPAL for AndroidProceedings of the 8th International Symposium on Engineering Secure Software and Systems - Volume 963910.1007/978-3-319-30806-7_14(216-232)Online publication date: 6-Apr-2016
https://dl.acm.org/doi/10.1007/978-3-319-30806-7_14
Lorenz DRosenan BMurphy GJr. G(2015)Separation of powers in the cloud: where applications and users become peers2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward!)10.1145/2814228.2814237(76-89)Online publication date: 21-Oct-2015
https://dl.acm.org/doi/10.1145/2814228.2814237
Vahldiek-Oberwagner AElnikety EMehta AGarg DDruschel PRodrigues RGehrke JPost ARéveillère LHarris THerlihy M(2015)GuardatProceedings of the Tenth European Conference on Computer Systems10.1145/2741948.2741958(1-16)Online publication date: 17-Apr-2015
https://dl.acm.org/doi/10.1145/2741948.2741958
Magirius MMundhenk MPalenta R(2015)The complexity of primal logic with disjunctionInformation Processing Letters10.1016/j.ipl.2015.01.003115:5(536-542)Online publication date: 1-May-2015
https://dl.acm.org/doi/10.1016/j.ipl.2015.01.003
Jackson ELevendovszky TBalasubramanian D(2015)Automatically reasoning about metamodelingSoftware and Systems Modeling (SoSyM)10.1007/s10270-013-0315-y14:1(271-285)Online publication date: 1-Feb-2015
https://dl.acm.org/doi/10.1007/s10270-013-0315-y
Molina-Markham APeterson RSkinner JYun TGolla BFreeman KPeters TSorber JHalter RKotz DBanerjee AGupta S(2014)AmuletProceedings of the 1st Workshop on Mobile Medical Applications10.1145/2676431.2676432(16-21)Online publication date: 3-Nov-2014
https://dl.acm.org/doi/10.1145/2676431.2676432
Tsankov PMarinovic STorabi Dashti MBasin DAhn GYung MLi N(2014)Fail-Secure Access ControlProceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security10.1145/2660267.2660307(1157-1168)Online publication date: 3-Nov-2014
https://dl.acm.org/doi/10.1145/2660267.2660307
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations

Logic of infons: The propositional case

DKAL and Z3: a logic embedding experiment

An authorization mechanism for a relational database system

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations